Pierluigi Paganini
December 14, 2022
VMware addressed three vulnerabilities in multiple products, including a virtual machine escape flaw, tracked as CVE-2022-31705, that was exploited at the GeekPwn 2022 hacking competition.
A working exploit for the CVE-2022-31705 vulnerability was demonstrated by Ant Security researcher Yuhao Jiang during the Geekpwn, a hacking contest run by the Tencent Keen Security Lab.
Here is my demo of the VM escape exploit on the latest version of VMware Fusion along with ESXi and Workstation. It was used to participate in GeekPwn 2022 and won the championship. pic.twitter.com/Ze2rtCVAsv
— Danis Jiang (@danis_jiang) November 14, 2022
The CVE-2022-31705 vulnerability (CVSSv3 base score of 9.3) is a heap out-of-bounds write issue in the USB 2.0 controller (EHCI).
“VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI)” reads the advisory published by the virtualization giant. “A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.”
The company also addressed a command injection and directory traversal security vulnerabilities, respectively tracked as CVE-2022-31702 and CVE-2022-31703, impacting the VMware vRealize Network Insight (vRNI) solution. Below are the details for the flaws:
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, VMware)
[adrotate banner=”5″]
[adrotate banner=”13″]
